Metacurity

Suspected Iranian Hackers May Have Caused Rocket Sirens to Blare in Two Israeli Cities

Infosec community outraged over BSides Cleveland 'surprise' speaker, Paige Thompson found guilty over Capital One hacking charges, Int'l op disrupts RSocks malware botnet, much more

Cynthia Brumfield
Jun 20



The Israel National Cyber Directorate (INCD) believes that suspected Iranian hackers may have been behind an incident that caused rocket sirens to go off in Jerusalem and Eilat.

Authorities instructed local councils to take preventative measures to secure their alert systems, since the sirens were activated by municipal alert systems and not by the Israel Defense Forces Home Front Command. (Times of Israel)

Related: Arutz Sheva News, Cybertech, Cleveland Jewish News, JNS.org - Jewish News Syndicate, Haaretz, ynet - News, JewishPress.com, Jerusalem Post

German prosecutors issued an arrest warrant for Russian man Nikolaj Kozachek who they accuse of working for the Russian intelligence arm GRU to carry out a cyber-attack on computers in the Joint Air Power Competence Center, a NATO think tank, in Kalkar, North Rhine-Westphalia.

Investigators say that Kozachek worked for the Russian hacker unit APT28, also known as “Fancy Bear.” This unit is also held responsible for the attack on the IT system of the German Bundestag in spring 2015. (Florian Flade / Tagesschau)

hakan (@hatr), June 17th 2022:
German prosecutors have an arrest warrant out for Nikolay Kozachek, who, they allege, is a hacker for APT28 and was active in NATO systems (located in Germany). Florian has the write-up.

Quoting Florian Flade (@FlorianFlade):
The US justice system has been searching for Nikolay Kozachek for years. Now @GBA_b_BGH has also obtained an arrest warrant against the Russian. He is alleged to work as a hacker for the Russian military intelligence service #GRU and to have spied on a #NATO think tank in #NRW. https://t.co/BSHA5257i5

Kremlin spokesman Dmitry Peskov said that Russian President Vladimir Putin was forced to delay a highly anticipated speech at the St. Petersburg International Economic Forum after a DDoS attack disrupted the system handling access badges to the venue.

A person at the forum said audience members could enter the main hall without difficulty but noted that mobile internet access in the area appeared to be cut off. (Bloomberg News)

Related: The Register - Security, Egypt Independent, The Independent, Euractiv

Kevin Collier (@kevincollier), June 17th 2022:
This morning, Ukraine's IT Army seemed to successfully delay Putin's speech by an hour and a half with a DDoS attack. About 20 minutes ago, the IT Army posted headlines from Russian news reports about it for its followers: "You did a very good job today!"
nbcnews.com/news/world/put…

The infosec community was outraged over the inclusion of social engineering expert Christopher Hadnagy as a “surprise” speaker at BSides Cleveland after DEFCON had banned him from its conference following multiple reports that he violated the event’s code of conduct in 2021.

While BSides Cleveland ultimately apologized for its poor “decision making,” the Security BSides organization promised to investigate the decisions that led to this outcome and work with the Cleveland organization on ways to avoid this situation in the future.

Related: Skytalks

Alyssa Miller (@AlyssaM_InfoSec), June 18th 2022:
So @BSidesCleveland chose to ambush attendees with a "surprise speaker" who is a man publicly banned from another con series for violating their CoC. I'm sure they'll say the secrecy had nothing to do with the fact that many don't feel safe around him and would not have come. 1/

Alyssa Miller (@AlyssaM_InfoSec), June 19th 2022:
Just gonna leave this here, it *was* planned, not a last minute fill-in.

Quoting BSidesCleveland (@BSidesCleveland):
We communicated with him between then and now, and when he felt like he might be at a point to get back to speaking, we added a Special Guest to the lineup. Two weeks ago Chris confirmed he would like to try to speak, and we neglected to remove the Special Guest on the lineup.

Dave Kennedy (@HackingDave), June 18th 2022:
I cancelled my talk earlier today and am home. I hope to record it soon and publish online. It was great to see everyone. The whole situation sucks, but the right decision to pull it. I wish everyone safe travels home.

Marcus Hutchins (@MalwareTechBlog), June 19th 2022:
The BSides Cleveland thing is one of those things that completely fails the "never attribute to malice what can be explained by incompetence" test for even the most reasonable of people. If any one of those things happened in a vacuum then yeah, maybe. but like... Thread:

Lesley Carhart (@hacks4pancakes), June 19th 2022:
Just a reminder that your women / enby / LGBT / etc etc friends are often the ones “starting infosec drama” 🤮 because few others are calling out bad behavior in infosec that can genuinely harm them, and so they’re perpetually honor-bound to, so thanks for others who speak up.

BSidesCleveland (@BSidesCleveland), June 18th 2022:
We own our poor decision making and again apologize to the community for not communicating the final lineup. Should BSides Cleveland continue again, this will not happen again.

Security BSides (@SecurityBSides), June 18th 2022:
We are aware of what transpired at BSidesCLE today. While each event is independent, we want to make it clear that this was a serious misstep on their part. 1/3

Paige Thompson, a former Amazon engineer accused of stealing more than 100,000 customers’ personal information from Capital One in one of the most significant breaches in the United States, was found guilty of wire fraud and hacking charges.

A Seattle jury found that Thompson violated an anti-hacking law known as the Computer Fraud and Abuse Act, which forbids access to a computer without authorization. The jury found her not guilty of identity theft and access device fraud. In addition to stealing the customers’ data, the Justice Department said she used her access to Capital One’s servers to mine cryptocurrency. (Kate Conger / New York Times)

Related: Yahoo, Latestly.com, BGR, Cyber Kendra, Fortune, Business Standard, Engadget, GeekWire Original, Engadget, The Verge, CNBC Technology

The U.S. Department of Justice said that an operation involving the FBI and police forces in Germany, the Netherlands, and the United Kingdom disrupted the Russian RSocks malware botnet used to hijack millions of computers, Android smartphones, and IoT devices worldwide for use as proxy servers.

FBI agents began mapping the RSocks infrastructure in a 2017 undercover operation in which they purchased access to a large number of proxies. At that time, investigators identified 325,000 compromised devices, many located in the United States. RSocks allegedly compromised these devices by brute-forcing their passwords and installing software on the breached computers to turn them into proxy servers. (Bill Toulas / Bleeping Computer)

Related: Justice Department, NBC News Technology, CyberNews, Tech Monitor, ET news, Teiss, Der Spiegel, GovInfoSecurity.com, The Register - Security, The Hacker News

Leaked audio from more than 80 internal TikTok meetings shows that employees of China-based ByteDance have repeatedly accessed nonpublic data about U.S. TikTok users despite repeatedly promising that information gathered about users in the United States is stored in the United States.

The recordings, which range from small-group meetings with company leaders and consultants to policy all-hands presentations, contain 14 statements from nine different TikTok employees indicating that engineers in China had access to US data between September 2021 and January 2022. The vast majority of situations where China-based staff accessed US user data were in service of Project Texas's aim to halt this data access.

Project Texas is key to a contract that TikTok is currently negotiating with cloud services provider Oracle and CFIUS. Under the CFIUS agreement, TikTok would hold US users’ protected private information, like phone numbers and birthdays, exclusively at a data center managed by Oracle in Texas. (Emily Baker-White / Buzzfeed News)

Related: TechCrunch, Protocol, Washington Examiner, Engadget, Neowin, Gizchina, AFP, New York Post, Dot.la, Gizmodo, Barron’s, Adweek, Insider, Mashable, Wall Street Journal

Italian mobile security company Cleafy said that the threat actor behind the BRATA banking trojan has evolved its tactics and improved its malware with APT-like information-stealing capabilities.

The malware has been updated with new phishing techniques and classes to request additional permissions on the device. It also drops a second-stage payload from the command and control (C2) server. (Bill Toulas / Bleeping Computer)

Related: Cyberintel Magazine, Security Affairs, Security News | Tech Times, The Hacker News, Cleafy

Researchers at Wordfence report that over a million WordPress websites using a widely used plugin named Ninja Forms have been updated automatically to remediate a critical security vulnerability suspected of having been actively exploited in the wild.

According to Wordfence, the bug "made it possible for unauthenticated attackers to call a limited number of methods in various Ninja Forms classes, including a method that unserialized user-supplied content, resulting in Object Injection." (Ravie Lakshmanan / The Hacker News)

Related: Security Week, Help Net Security, Security Affairs
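The bug class Wordfence describes, a method that unserializes user-supplied content, is PHP object injection. The following is an added illustration of that pattern and of two hardened alternatives; it is not Ninja Forms or Wordfence code, and the class, function and field names (LogWriter, loadSettings*, the serialized payload) are hypothetical, constructed for the example.

```php
<?php
// Added example (not Ninja Forms or Wordfence code): why unserialize() on
// attacker-controlled input is dangerous, and two defensive alternatives.
// All names below are hypothetical.

// Any class with a magic method (__destruct, __wakeup, __toString, ...) that
// is loadable at unserialize() time becomes a candidate for object injection:
// the attacker chooses the class and its field values, PHP runs the method.
class LogWriter {
    public $path = '/tmp/app.log';
    public $content = '';
    public function __destruct() {
        // Runs automatically when the object is garbage-collected.
        file_put_contents($this->path, $this->content);
    }
}

// Vulnerable pattern: arbitrary classes can be instantiated from user input.
function loadSettingsVulnerable(string $userInput) {
    return unserialize($userInput);
}

// Hardened option 1 (PHP >= 7.0): refuse to instantiate any class.
// Serialized objects come back as __PHP_Incomplete_Class, whose magic
// methods do not run, so the data is inert.
function loadSettingsNoObjects(string $userInput) {
    return unserialize($userInput, ['allowed_classes' => false]);
}

// Hardened option 2: use a data-only format and validate its shape.
// JSON cannot express "instantiate this class", so there is nothing to inject.
function loadSettingsJson(string $userInput): array {
    $data = json_decode($userInput, true, 512, JSON_THROW_ON_ERROR);
    if (!is_array($data)) {
        throw new InvalidArgumentException('settings must be a JSON object');
    }
    return $data;
}

// Constructed input: a serialized LogWriter with attacker-chosen fields,
// the kind of string a request parameter could carry.
$payload = 'O:9:"LogWriter":2:{s:4:"path";s:13:"/tmp/demo.txt";s:7:"content";s:5:"hello";}';

// Vulnerable path: a live LogWriter is created; its __destruct() will write
// to the attacker-chosen path when the object goes out of scope.
$obj = loadSettingsVulnerable($payload);
echo get_class($obj), PHP_EOL;

// Hardened path: the same bytes yield __PHP_Incomplete_Class, no code runs.
$inert = loadSettingsNoObjects($payload);
echo get_class($inert), PHP_EOL;

// Data-only path: malformed or non-JSON input is rejected outright.
try {
    loadSettingsJson($payload);
} catch (JsonException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Running this prints LogWriter for the vulnerable loader and __PHP_Incomplete_Class for the hardened one; the JSON loader throws because the serialized string is not JSON. The defensive takeaway is the one Wordfence's description implies: never pass request-controlled strings to unserialize() without allowed_classes restrictions, and prefer a format with no object semantics where only data is needed.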

Network-attached storage (NAS) vendor QNAP warned customers to secure their devices against a new campaign of attacks pushing DeadBolt ransomware, urging them to update their devices to the latest firmware version and ensure they're not exposed to remote access over the Internet.

During attacks targeting QNAP NAS devices in late January that hit thousands of victims, DeadBolt ransomware hijacked the device's login page to display a screen stating, "WARNING: Your files have been locked by DeadBolt." (Sergiu Gatlan / Bleeping Computer)

Related: iTech Post, heise online News, QNAP

California man Hao Kuo Chi, accused of breaking into thousands of Apple iCloud accounts and stealing private photos and videos of nude young women, has been sentenced to nine years in federal prison.

The Justice Department said Chi operated for years on Anon-IB, a now-defunct website notorious for posting revenge porn. Chi hacked into the Apple iCloud accounts of victims across the United States in search of nude photographs and videos of young women, which he called “wins.” Using the online moniker “icloudripper4you,” he then shared and traded these images with persons he had met on Anon-IB. (Associated Press)

Related: Bleeping Computer, Hack Read, Justice.gov

The latest victim in a string of DeFi hacks is Inverse Finance, which suffered a fresh exploit worth $1.2 million.

This exploit follows an April hack of the protocol, which resulted in a loss of $15.6 million. In this latest incident, an attacker was able to get away with $1.2 million by exploiting a flash loan. Inverse temporarily paused borrowing following the exploit. (Kanav Jain / AMB Crypto)

Related: Inverse, Crypto Slate, Coindesk, Cointelegraph, The Register

Inverse+ (@InverseFinance), June 16th 2022:
Inverse has temporarily paused borrows following an incident this morning where DOLA was removed from our money market, Frontier. We are investigating the incident however no user funds were taken or were at risk. We are investigating and will provide more details soon.

In the largest class-action settlement in the Canadian financial sector, the Superior Court of Quebec has approved a nearly $200.9 million (around $155 million) settlement of a class-action lawsuit against Desjardins over a data breach.

The 2020 security incident compromised the data of 4.2 million people with active accounts. Class members may seek compensation for loss of time that is related to the personal information breach, as well as for identity theft. Class members who have not already registered for Equifax's credit monitoring service will also be able to do so for five years at Desjardins' cost and maintain the other protective measures implemented by Desjardins following the breach for at least five years. (The Canadian Press)

Related: Insurance Business

© 2022 DCT Associates